Get Advice Icon

Need advice about which tool to choose?Ask the StackShare community!

Keywhiz
Keywhiz

7
15
+ 1
1
Vault
Vault

235
193
+ 1
51
Add tool

Keywhiz vs Vault: What are the differences?

Keywhiz: A system for distributing and managing secrets. Keywhiz is a secret management and distribution service that is now available for everyone. Keywhiz helps us with infrastructure secrets, including TLS certificates and keys, GPG keyrings, symmetric keys, database credentials, API tokens, and SSH keys for external services — and even some non-secrets like TLS trust stores. Automation with Keywhiz allows us to seamlessly distribute and generate the necessary secrets for our services, which provides a consistent and secure environment, and ultimately helps us ship faster; Vault: Secure, store, and tightly control access to tokens, passwords, certificates, API keys, and other secrets in modern computing. Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.

Keywhiz and Vault can be primarily classified as "Secrets Management" tools.

Some of the features offered by Keywhiz are:

  • Keywhiz Server provides JSON APIs for accessing and managing secrets. It is written in Java and based on Dropwizard.
  • KeywhizFs is a FUSE-based file system, providing secrets as if they are files in a directory. Transparently, secrets are retrieved from a Keywhiz Server using mTLS with a client certificate.
  • Presenting secrets as files makes Keywhiz compatible with nearly all software. Outside of Keywhiz administration, consumers of secrets only have to know how to read a file.

On the other hand, Vault provides the following key features:

  • Secure Secret Storage: Arbitrary key/value secrets can be stored in Vault. Vault encrypts these secrets prior to writing them to persistent storage, so gaining access to the raw storage isn't enough to access your secrets. Vault can write to disk, Consul, and more.
  • Dynamic Secrets: Vault can generate secrets on-demand for some systems, such as AWS or SQL databases. For example, when an application needs to access an S3 bucket, it asks Vault for credentials, and Vault will generate an AWS keypair with valid permissions on demand. After creating these dynamic secrets, Vault will also automatically revoke them after the lease is up.
  • Data Encryption: Vault can encrypt and decrypt data without storing it. This allows security teams to define encryption parameters and developers to store encrypted data in a location such as SQL without having to design their own encryption methods.

Keywhiz and Vault are both open source tools. Vault with 12.8K GitHub stars and 1.93K forks on GitHub appears to be more popular than Keywhiz with 2.09K GitHub stars and 166 GitHub forks.

What is Keywhiz?

Keywhiz is a secret management and distribution service that is now available for everyone. Keywhiz helps us with infrastructure secrets, including TLS certificates and keys, GPG keyrings, symmetric keys, database credentials, API tokens, and SSH keys for external services — and even some non-secrets like TLS trust stores. Automation with Keywhiz allows us to seamlessly distribute and generate the necessary secrets for our services, which provides a consistent and secure environment, and ultimately helps us ship faster.

What is Vault?

Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
Get Advice Icon

Need advice about which tool to choose?Ask the StackShare community!

Why do developers choose Keywhiz?
Why do developers choose Vault?

Sign up to add, upvote and see more prosMake informed product decisions

What are the cons of using Keywhiz?
What are the cons of using Vault?
    Be the first to leave a con
      Be the first to leave a con
      What companies use Keywhiz?
      What companies use Vault?
        No companies found

        Sign up to get full access to all the companiesMake informed product decisions

        What tools integrate with Keywhiz?
        What tools integrate with Vault?
          No integrations found
          What are some alternatives to Keywhiz and Vault?
          AWS Secrets Manager
          AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle.
          Docker Secrets
          A container native solution that strengthens the Trusted Delivery component of container security by integrating secret distribution directly into the container platform.
          Torus CLI
          Torus simplifies the modern development workflow enabling you to store, share, and organize secrets across services and environments. With Torus, you can standardize on one tool across all environments. Map Torus to your workflows using projects, environments, services, teams, and machines.
          SecretHub
          All software needs secrets to access other resources: encryption keys, API tokens, database passwords. Helps teams deploy those application secrets to any cloud with a secure, automatic and reproducible deployment process.
          Confidant
          Confidant is a open source secret management service that provides user-friendly storage and access to secrets in a secure way, from the developers at Lyft.
          See all alternatives
          Decisions about Keywhiz and Vault
          No stack decisions found
          Interest over time
          Reviews of Keywhiz and Vault
          No reviews found
          How developers use Keywhiz and Vault
          No items found
          How much does Keywhiz cost?
          How much does Vault cost?
          Pricing unavailable
          Pricing unavailable
          News about Keywhiz
          More news
          News about Vault
          More news